Breadcrumb

DNSSEC

The domain name system (DNS) is effectively the Internet’s address book; it enables website names to be matched to their corresponding registered IP addresses. But illicit alteration of web queries can point end users or services to rogue IP addresses and route them to illegitimate servers for the purpose of data theft. The Domain Name System Security Extensions (DNSSEC) have been created in response to this threat. DNSSEC is a mechanism that involves the use of digital signatures to enable servers to authenticate and verify the integrity of DNS responses to queries.

Attackers who gain access to your DNS process can lure customers to a site that pretends to be yours, tricking them into providing private information.

While it is possible to implement DNSSEC in software, attackers can gain access to signing keys and compromise the DNS query process.

DNSSEC: nCipher Solutions

Products and services from nCipher can help you deploy a high-assurance DNSSEC process that protects your business and your customers’ information while at the same time delivering the performance your business requires. nShield Hardware Security Modules (HSMs) enable top level domains (TLDs), registrars, registries and enterprises to secure critically important signing processes used to validate the integrity of DNSSEC responses across the Internet, and protect the DNS from what are commonly referred to as “cache poisoning” and “man-in-the-middle” attacks. HSMs provide proven and auditable security advantages, enabling proper generation and storage for signing keys to assure the integrity of the DNSSEC validation process.

Solution Briefs : SECURING SIGNING KEYS FOR DNSSEC DEPLOYMENTS

nCipher HSMs enable top level domains, registrars, registries and enterprises to secure critically important signing keys used to validate the integrity of DNSSEC responses across the Internet, and protect the DNS from cache poisoning and man-in-the-middle attacks. Download the solution brief to learn more.